| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Feb 2011 12:56:55 -0800
From: Steve Beattie <sbeattie@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-1064-1] OpenSSL vulnerability
===========================================================
Ubuntu Security Notice USN-1064-1 February 15, 2011
openssl vulnerability
CVE-2011-0014
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.6
Ubuntu 10.10:
libssl0.9.8 0.9.8o-1ubuntu4.4
After a standard system update you need to reboot your computer to make
all the necessary changes.
Details follow:
Neel Mehta discovered that incorrectly formatted ClientHello handshake
messages could cause OpenSSL to parse past the end of the message.
This could allow a remote attacker to cause a crash and denial of
service by triggering invalid memory accesses.
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6.diff.gz
Size/MD5: 113947 666d4d39c8d15495574b3e8cde84d14b
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6.dsc
Size/MD5: 2097 a9aee866b987128cbb53018bb4c3e076
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k.orig.tar.gz
Size/MD5: 3852259 e555c6d58d276aec7fdc53363e338ab3
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8k-7ubuntu8.6_all.deb
Size/MD5: 640766 4410bba4b493067940d740ba0bfd9e36
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_amd64.udeb
Size/MD5: 630236 4e57f2683a2fd11379ef834de483e92a
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_amd64.deb
Size/MD5: 2143716 b73b8e9eca5d99faf5bba7b3ad885d0d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_amd64.deb
Size/MD5: 1650734 15024c4129edb6729aadd42a3c6625d9
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_amd64.udeb
Size/MD5: 136136 c691630136d1888d9818afcbef5b3376
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_amd64.deb
Size/MD5: 979838 e410fcc0f092be5bdf0dd48866030de6
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_amd64.deb
Size/MD5: 406380 45ae705310a650701711237bc24834fa
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_i386.udeb
Size/MD5: 582632 605d20a6d46358bb020263b589628bc7
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_i386.deb
Size/MD5: 2006542 2651ca8bad5a1274f8ac9eb3c9928f10
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_i386.deb
Size/MD5: 5806564 99755b3eed448fd0bedaf6c90c760222
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_i386.udeb
Size/MD5: 129782 08548187135f8ef21f91c1206231c46c
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_i386.deb
Size/MD5: 3015290 d32c63182c7b0eb4ef8eb8427d89ec65
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_i386.deb
Size/MD5: 400386 0a10c201d957f574524d98d9e4b87df3
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_armel.udeb
Size/MD5: 532308 0532b6933c19ecb8ddf0cf502acdbef7
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_armel.deb
Size/MD5: 1935434 3b86a27ba4064993fa641b7a57700947
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_armel.deb
Size/MD5: 1624860 cc66be850879a7506c83199a8307c0a8
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_armel.udeb
Size/MD5: 115646 5f09e1585b7d8213a34c326e878d2855
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_armel.deb
Size/MD5: 849808 fe1a2c9bb7fa58309897e2c74428565c
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_armel.deb
Size/MD5: 394134 6dae0590575a5d6cca5ec37bee48c3d0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_powerpc.udeb
Size/MD5: 627048 9cc7f8c9c8e834804f6b8ad9d4f038e1
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_powerpc.deb
Size/MD5: 2147450 1fa01d48576c59ece29b15e52067a061
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_powerpc.deb
Size/MD5: 1718982 d8af42edbf4b9e0cd4e8a49db65d6c34
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_powerpc.udeb
Size/MD5: 135572 9ceece261ebb15a1e736ea5a87936e29
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_powerpc.deb
Size/MD5: 969796 9f000a8d471e6779147746d85bd672e2
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_powerpc.deb
Size/MD5: 402854 37d4422ee00a9fe04c6edb02d79652ae
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8k-7ubuntu8.6_sparc.udeb
Size/MD5: 597970 be4c632244422acea148a8b46c6bd2d4
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8k-7ubuntu8.6_sparc.deb
Size/MD5: 2065588 5dcc87c24f3582085dd0c27a2dc6ca38
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8k-7ubuntu8.6_sparc.deb
Size/MD5: 4094532 59af6b8697affcf4ee54d266f824c419
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8k-7ubuntu8.6_sparc.udeb
Size/MD5: 125888 5bf540180404fc36f0ff593f26bbb4af
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8k-7ubuntu8.6_sparc.deb
Size/MD5: 2354154 bfa9eab34e57f6066df484565a83ca62
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.6_sparc.deb
Size/MD5: 419326 a339be63d8d5721fb821278fc73917f8
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4.debian.tar.gz
Size/MD5: 93256 d842e047afa927d7b45707e5662299b4
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4.dsc
Size/MD5: 2113 a2453418b5f65205b4100fca4bbab478
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o.orig.tar.gz
Size/MD5: 3772542 63ddc5116488985e820075e65fbe6aa4
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl-doc_0.9.8o-1ubuntu4.4_all.deb
Size/MD5: 645856 b87766f110e4001b91e52d831932293c
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_amd64.udeb
Size/MD5: 620310 4b921a5507e0d43d49f0959a40b6e698
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_amd64.deb
Size/MD5: 2149904 1789acf946fa5fb29210c573e1c454a3
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_amd64.deb
Size/MD5: 1550490 8890e9c5294c00c538bf8c33838e7223
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_amd64.udeb
Size/MD5: 137390 46a1a45ee4b23451f504e80acf1f3e06
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_amd64.deb
Size/MD5: 923110 2443af9e7f04a89766956a1897ef3109
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_amd64.deb
Size/MD5: 406004 35ab88b06cc50111ee30876069e62618
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_i386.udeb
Size/MD5: 570726 64d9207ff0f9808cdd1fd5f67a3a41b2
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_i386.deb
Size/MD5: 2012646 e036571cd83edf3a270a6875edeb7b1d
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_i386.deb
Size/MD5: 1553820 4351ce2cf1de859743b84302ea216adc
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_i386.udeb
Size/MD5: 130530 a49a036f44e0e5144063c447099957b7
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_i386.deb
Size/MD5: 866474 f7ce89e52baa2d29bf56303ef4ceb7fa
http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_i386.deb
Size/MD5: 400060 96e4e0a0c894e0509f7b5b0834b7f76e
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_armel.udeb
Size/MD5: 566054 35f2b45ca48a64392522ec243d2e14aa
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_armel.deb
Size/MD5: 2014346 9b1bc7134c7e9b5c4c0fab38c3ccee17
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_armel.deb
Size/MD5: 1542334 15db4641260fd3f9fc247b7e8be73f7c
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_armel.udeb
Size/MD5: 120460 ac27441462cd80a6244c11475241c5fb
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_armel.deb
Size/MD5: 850040 8b6242e95592404cfb5457b3a2fefb00
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_armel.deb
Size/MD5: 406494 697677cbc870e7c857246d14777573c1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/o/openssl/libcrypto0.9.8-udeb_0.9.8o-1ubuntu4.4_powerpc.udeb
Size/MD5: 616136 a3c28af9e2d1314e6486ce9c1aef1b59
http://ports.ubuntu.com/pool/main/o/openssl/libssl-dev_0.9.8o-1ubuntu4.4_powerpc.deb
Size/MD5: 2154734 f859e9290ca73eb92e34b160402c058f
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-dbg_0.9.8o-1ubuntu4.4_powerpc.deb
Size/MD5: 1618684 e729f6525a3b7180633d3b7f0ae78223
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8-udeb_0.9.8o-1ubuntu4.4_powerpc.udeb
Size/MD5: 136090 f5ddcf671c6091f6bd42abf9cc5293d5
http://ports.ubuntu.com/pool/main/o/openssl/libssl0.9.8_0.9.8o-1ubuntu4.4_powerpc.deb
Size/MD5: 917686 f505d2f147fc42c1babb5767c0d89199
http://ports.ubuntu.com/pool/main/o/openssl/openssl_0.9.8o-1ubuntu4.4_powerpc.deb
Size/MD5: 402036 45760e9ca5448f7e25696c90da53b244
Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists